<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Hi,<br>
      <br>
      On 08/11/16 17:33, Matthias Ballreich wrote:<br>
    </div>
    <blockquote
cite="mid:AM4PR0601MB1924B18D3B6F177B10C1AC2BFBA60@AM4PR0601MB1924.eurprd06.prod.outlook.com"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      <style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
      <div id="divtagdefaultwrapper"
style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;"
        dir="ltr">
        <p class="x_MsoNormal"><span lang="EN-US">Hi there,</span></p>
        <p class="x_MsoNormal"><span lang="EN-US"> </span></p>
        <p class="x_MsoNormal"><span lang="EN-US">how can i access the
            Mozilla NSS (shared) Database (cert8 or cert9d.db) /
            PKCS#11-Modules via OpenSSL?</span></p>
        <p class="x_MsoNormal"><span lang="EN-US">I need read &
            write access to the NSS User Cert Database (softokn3) and to
            the Built-In Cert Database (nssckbi) under Windows.</span></p>
        <p class="x_MsoNormal"><span lang="EN-US"> </span></p>
        <p class="x_MsoNormal"><span lang="EN-US">I tried it with Libp11
            this way:</span></p>
        <p class="x_MsoNormal"><span lang="EN-US"> </span></p>
        <p class="x_MsoNormal"><span style="font-size:10.0pt;
            color:black" lang="EN-US">int rc = 0;<br>
                    PKCS11_CTX *pkcs11_ctx;<br>
                    pkcs11_ctx = PKCS11_CTX_new();<br>
                    PKCS11_CTX_init_args(pkcs11_ctx,<br>
                                   
                 "configdir=''C:/Users/Username/AppData/Roaming/Mozilla/Firefox/Profiles/5wzkdcjx.default'
            certPrefix='' keyPrefix='' secmod='secmod.db'");<br>
                    rc = PKCS11_CTX_load(pkcs11_ctx, " C:/Program Files
            (x86)/Mozilla/Firefox/softokn3.dll ");<br>
                    printf("Desc: %s\n", pkcs11_ctx->description);<br>
                    if (rc)<br>
                            printf("Error loading Module");<br>
            <br>
          </span><span lang="EN-US">But it return every time “-1” which
            tells me that the loading fails. So is this the right way?
            Or should I use another library? Or is my code not right?</span></p>
        <p class="x_MsoNormal"><span lang="EN-US">And can I edit the
            Trust Settings with that or another library like with NSS
            directly? Because I can’t delete the built-in certs of
            nssckbi because this is read-only I can edit the
            Trust-Settings for that certificate. Can I do that with
            OpenSSL in combination with a library, too? Or should I
            better use NSS instead of OpenSSL?</span></p>
        <br>
      </div>
    </blockquote>
    this is slightly off-topic for this mailinglist, but I'd try using
    p11-kit to access the NSS device; the problem with the softokn3
    pseudo-pkcs11 device is/was that it did not follow the PKCS11
    standard completely - this made the softokn3 device unusable for
    tools like libp11 and opensc ; however, there are links on the web
    stating that p11-kit does not how to read a nssdb file, e.g.<br>
     
    <a class="moz-txt-link-freetext" href="https://wiki.gnome.org/Projects/CryptoGlue/Integration#NSS_libsoftokn3">https://wiki.gnome.org/Projects/CryptoGlue/Integration#NSS_libsoftokn3</a><br>
    <br>
    and p11-kit has been ported to both mingw and cygwin.<br>
    <br>
    HTH,<br>
    <br>
    JJK<br>
    <br>
  </body>
</html>